Welcome to Spyware Warrior. I am Jack&Jill, and I will be helping you out.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click on Watch this topic for replies at the lower left corner at the end of the page. You will receive an email as soon as replies are posted.

Before we go further, there are a few things that I would like to make clear so that we share the same understanding.

Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.

Please read the instructions carefully and follow them closely, in the order they are presented to you.

If you have any doubts or problems during the fix, please stop and ask.

All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security software.

Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.

Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.

Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.

If you do not reply within 3 days, this topic will be closed.

If you are agreeable to the above, then everything should go smoothly. We may begin.

--------------------

Your DDS log is cut off. Please post the complete logs, DDS.txt and Attach.txt. You may post them in separate replies.

Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Does ZoneAlarm Security include the Antivirus package? If yes, please let me know and it should be considered below.

You are running more than one Antivirus (AV) program:

Ad-Aware
Symantec Endpoint Protection
ZoneAlarm Security

Although AV is essential for keeping your computer free from viruses, having more than one AV will do more harm than protect your computer. They will not only conflict, but will slow down your computer as well. Did you pay for either one of them? Please keep the paid AV and uninstall the other. Otherwise, you will need to choose in accordance with your preference.

The same principle applies for security programs with real time protection as well. Please choose one from each category and uninstall the others:

One more thing about your security programs. I looked up Symantec Endpoint Protection and it covers spyware protection as well. Due to this, it would be advisable to uninstall or disable Windows Defender.

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running GMER. They may cause the computer to freeze.

If you need help to disable your protection programs see here and here.

Double click the .exe file. If asked to allow the gmer driver file with a sys extension to load, please consent.

If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.

In the right panel, you will see several boxes that have been checked (ticked).

Uncheck IAT/EAT

Uncheck All other Drives/Partitions except C:\ (leave C:\ checked)

Uncheck Show All (don't miss this one)

Then click the Scan button and wait for it to finish.

Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.

Re-enable your security software as soon as you have completed the GMER steps.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

If you are having problems running GMER, retry with Devices unchecked as well. If you are still encountering difficulties, please try running GMER in Safe Mode. You can get into Safe Mode using the F8 key during the startup of your computer after a reboot.

Double click on MiniToolBox.exe to run it.
Please check (tick) the following options:

Flush DNS

Report IE Proxy Settings

Report FF Proxy Settings

List IP configuration

Click on the GO button. A log will open.

Please post the contents of this log. It can also be found on the desktop as Result.txt.

--------------------

Please post back:
1. if the issue happens with other browsers
2. how IE troubleshooting went
3. MiniToolBox results

Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have a problem running the scan, you might want to disable any real time protection that you have.

Click on Run ESET Online Scanner. A new window will open.
For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.

After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.

You will be prompted to install an ActiveX Control from ESET. Please install.

Yes, the latest update was after I reset IE. I'm going to feel awful silly if this was an IE issue.

I ran the ATF file. How is this file different than clicking on the clear temp folders option on my own?

I have not seen the pop up yet, however when I saw it I would click the X. It followed me to a horse related BB I frequent and to my homepage for my email. If I don't see it by tomorrow I will let you know.

Quote:

I ran the ATF file. How is this file different than clicking on the clear temp folders option on my own?

It covers more areas and I am not sure to what extent you have done regarding clearing the temp files.

Quote:

related BB I frequent

Could you please elaborate on this? Earlier you mentioned "bbs". What site is that? Please quote the address as sitename[dot]com or similar.

Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.

Please uninstall this older version of Java, it is a security vulnerability:
Java 2 Runtime Environment, SE v1.4.2_18

--------------------

Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.

Please update your Adobe Reader to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Hello, my computer just crashed and then restarted. Not sure why as I have not had problems with the multiple windows or the popup.
I got a blue screen and something about a driver and then it shut down and restarted.

When a user posts for help, there is a certain amount of trust between the user and the person helping you. You trust me to provide help to clean your system and in return I trust you to provide the information via logs that I ask for, and for following the policies of the forum.

Regardless of whatever reasons you reinstalled the P2P program or whether you removed it later, you have broken that trust and I am no longer bound to help you.